X
Tap here to go to the mobile version of the site.

منتدى الدعم

Url bar only shows domain, not full path - makes browser unusable for me

Posted

Hi,

I'm a Firefox for Android beta user. A couple days ago I did an update, and now when I go to a web site all I see the domain and not the full path. This makes no sense to me. What is the benefit? It also makes the browser unusable for my purposes. How can I tell where I am? If I click in the bar it reveals the full path, but I need to see it all the time. I looked in about:config and no setting changes seemed to change this behavior. Please help! I really would not like to have to use Chrome. Thanks.

Chris

Hi, I'm a Firefox for Android beta user. A couple days ago I did an update, and now when I go to a web site all I see the domain and not the full path. This makes no sense to me. What is the benefit? It also makes the browser unusable for my purposes. How can I tell where I am? If I click in the bar it reveals the full path, but I need to see it all the time. I looked in about:config and no setting changes seemed to change this behavior. Please help! I really would not like to have to use Chrome. Thanks. Chris
jscher2000
  • Top 10 Contributor
8776 solutions 71744 answers

Helpful Reply

This change was to help users understand the most important part of the host name, for phishing protection. Bug #1236431 – Make the origin (site) we are on clearer and less spoofable or phishing prone

On tablets, the full URL will still be displayed. Bug #1250671 – URL bar: Consider showing full URL on tablets

When the site has an EVSSL certificate, the owner name from the certificate may be displayed instead of the host name/URL (I'm not quite sure about tablets). Bug #1249594 – Show name of organization (EV certificate) in URL bar

I don't know whether anyone has filed a request to add a preference that phone users could toggle to show the full URL on phones. Probably the best thing to do is go ahead and file that bug now, referring to the first two I mentioned. https://bugzilla.mozilla.org/enter_bug.cgi

This change was to help users understand the most important part of the host name, for phishing protection. [https://bugzilla.mozilla.org/show_bug.cgi?id=1236431 Bug #1236431 – Make the origin (site) we are on clearer and less spoofable or phishing prone] On tablets, the full URL will still be displayed. [https://bugzilla.mozilla.org/show_bug.cgi?id=1250671 Bug #1250671 – URL bar: Consider showing full URL on tablets] When the site has an EVSSL certificate, the owner name from the certificate may be displayed instead of the host name/URL (I'm not quite sure about tablets). [https://bugzilla.mozilla.org/show_bug.cgi?id=1249594 Bug #1249594 – Show name of organization (EV certificate) in URL bar] I don't know whether anyone has filed a request to add a preference that phone users could toggle to show the full URL on phones. Probably the best thing to do is go ahead and file that bug now, referring to the first two I mentioned. https://bugzilla.mozilla.org/enter_bug.cgi

Helpful Reply

Thanks for your reply. I filed a bug.

Chris

Thanks for your reply. I filed a bug. Chris
PenTech Services 0 solutions 24 answers

I just can't see this as being a good thing! Unless I'm not understanding how this works, couldn't a malicious site just lie about their site/company name?

Forcing the display of the site or company name in the URL bar thus hiding the address isn't gonna work for me I'm afraid, I like to know right off the bat what site I'm at/visiting without having to click the URL Bar to show the address. Phishing and malicious sites will surely take advantage of this. Shhheeeeesh, this shouldn't even be an option, it simply shouldn't be, for security reasons.

I also filed a Bugzilla report at: https://bugzilla.mozilla.org/show_bug.cgi?id=1271030

I just can't see this as being a good thing! Unless I'm not understanding how this works, couldn't a malicious site just lie about their site/company name? Forcing the display of the site or company name in the URL bar thus hiding the address isn't gonna work for me I'm afraid, I like to know right off the bat what site I'm at/visiting without having to click the URL Bar to show the address. Phishing and malicious sites will surely take advantage of this. Shhheeeeesh, this shouldn't even be an option, it simply shouldn't be, for security reasons. I also filed a Bugzilla report at: https://bugzilla.mozilla.org/show_bug.cgi?id=1271030

Modified by PenTech Services

jscher2000
  • Top 10 Contributor
8776 solutions 71744 answers

PenTech Services said

Unless I'm not understanding how this works, couldn't a malicious site just lie about their site/company name?

I don't think so. The two things you would normally expect to see are:

(1) base domain name - Firefox calculates this from the URL, so it's as real as the URL

(2) company name from an EVSSL certificate - the issuers have strict procedures for validating this information, so it seems unlikely that a phishing site would go through this process for the brief time before they are shut down

''PenTech Services [[#answer-874029|said]]'' <blockquote> Unless I'm not understanding how this works, couldn't a malicious site just lie about their site/company name?</blockquote> I don't think so. The two things you would normally expect to see are: (1) base domain name - Firefox calculates this from the URL, so it's as real as the URL (2) company name from an EVSSL certificate - the issuers have strict procedures for validating this information, so it seems unlikely that a phishing site would go through this process for the brief time before they are shut down
PenTech Services 0 solutions 24 answers

Thanks jscher2000! I'm still learning here. So this is now permanent in FF releases? Or is there a way I can force the urlbar to show full URLs instead of names? In about:config?

Your help is much appreciated.

Thanks jscher2000! I'm still learning here. So this is now permanent in FF releases? Or is there a way I can force the urlbar to show full URLs instead of names? In about:config? Your help is much appreciated.
jscher2000
  • Top 10 Contributor
8776 solutions 71744 answers

Hi PenTech Services, this is the new normal. I think two different users said they filed bug reports to get a change made. I didn't actually read the bugs myself, but there's a link to one of them earlier in this thread.

Hi PenTech Services, this is the new normal. I think two different users said they filed bug reports to get a change made. I didn't actually read the bugs myself, but there's a link to one of them earlier in this thread.
PenTech Services 0 solutions 24 answers

Mr. jscher2000; The following either A: breaks the way the EVSSL thing works or B: disables the showing of the name instead of the url in the urlbar.

security.ssl.enable_ocsp_stapling = false security.OCSP.enabled = 0 Now, will doing the above cause me any issues with FF? Or should I be OK to use this as a fix?

And so FF doesn't grey out parts of the url & blocks the showing of the http:// part I also DISABLED both of these: browser.urlbar.trimURLs browser.urlbar.formatting.enabled

As you can see in my screenshot it no longer shows the name, it now shows the full URL, which I'm completely happy with, as long as it won't cause problems.

Daniel.

Mr. jscher2000; The following either A: breaks the way the EVSSL thing works or B: disables the showing of the name instead of the url in the urlbar. '''security.ssl.enable_ocsp_stapling''' = '''false''' '''security.OCSP.enabled''' = '''0''' Now, will doing the above cause me any issues with FF? Or should I be OK to use this as a fix? And so FF doesn't grey out parts of the url & blocks the showing of the http:// part I also DISABLED both of these: '''browser.urlbar.trimURLs''' '''browser.urlbar.formatting.enabled''' As you can see in my screenshot it no longer shows the name, it now shows the full URL, which I'm completely happy with, as long as it won't cause problems. Daniel.
jscher2000
  • Top 10 Contributor
8776 solutions 71744 answers

Hi Daniel, setting --

security.ssl.enable_ocsp_stapling = false
security.OCSP.enabled = 0

-- stops Firefox from checking the ongoing validity of SSL certificates, the revocation check is no longer performed. Keeping OCSP checks enabled is a good security practice.

Hi Daniel, setting -- <blockquote> '''security.ssl.enable_ocsp_stapling''' = '''false''' <br> '''security.OCSP.enabled''' = '''0''' </blockquote> -- stops Firefox from checking the ''ongoing'' validity of SSL certificates, the revocation check is no longer performed. Keeping OCSP checks enabled is a good security practice.